This is your work, valued
ScreenshotBOF. An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memory.
499Burp2Malleable. Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles
418maldev-links. My collection of malware dev links
318WindowSpy. WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.
283WebcamBOF. Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options
164cobaltstrike-headless. Aggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client.
146CustomC2ChannelTemplate. template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.
105OpenMalleableC2. Open Source Implementation of Cobalt Strike's Malleable C2
103HavocNotion. A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally safe or stable, built as a PoC to showcase Havoc C2's modular C2 channel interface.
92PyHmmm. Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog post as a tutorial sample
86Cobaltstrike_BOFLoader. open source port/reimplementation of the Cobalt Strike BOF Loader as is
73bof_template. BOF template with boflink and mutator kit support
52OpenMalleableAdaptix. Adaptix C2 extender to support Cobalt Strike Malleable C2 profiles
42BusySleepBeacon. This is a simple project made to evade https://github.com/thefLink/Hunt-Sleeping-Beacons by using a busy wait instead of beacon's built in Sleep() call. Most of the structure e.g. Sleep hook, shellcode exec etc. are taken from mgeeky's https://github.com/mgeeky/ShellcodeFluctuation.
36evasion-adventures-files. Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"
31cobaltstrike-sleepmask-yara. Just a git repo for the sleepmask detection rule i found in https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-strike/sleep-mask-kit-iocs
16GamingMouseWebSoftwares. HTML
15SharpAwareness. Light and more OPSEC friendly way for red teamers to gain quick situational awareness of both the host and the user.
12CobaltStrikeSoundBoard. Python
11beacon_notify_discordhook. Probably the easiest way to setup new beacon notifications in Cobalt Strike
10headless_re_tools_for_llms. Python
10qtscrcpy_keymap_editor. Python
9yamldeck. JavaScript
6ListModulesBOF. C
5goautodial-rce-exploit. Pops a shell on a goautodial server
4sliver. Adversary Emulation Framework
4dearg-thread-ipc-stealth. A novel technique to communicate between threads using the standard ETHREAD structure
3CodeXTF2.
3codexs-useful-utils. Misc utils I made here and there, collected in one place
3titanldr-ng. A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge years ago.
3AceLdr. Cobalt Strike UDRL for memory scanner evasion.
2titan. Titan: A generic user defined reflective DLL for Cobalt Strike
2domainhunter. Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
1DynamicWrapperDotNet. Dynamically Loads Assembly and Calls Methods from JScript
1AM0N-Eye. forked for safekeeping
1CodeXTF2.github.io. codextf2.github.io
1schoolproj-fork. HTML
1Simulated-User. Python
1my-bashrc. My bashrc file
1Ekko. Sleep Obfuscation
1postman-import-python. A python library that allows importing of Postman 2.1 JSON collections into ready to use requests objects
1James-Server-RCE. Improved version of the james server RCE. Spawns a reverse shell that can bypass rbash ;)
1